Hi,
Since the TC forum is still down, I would like to bring a thread from the TC forum back here (called "finding the magic switch").
This is my first post on this forum, so if I break any rules, be kind and just delete this post. And also sorry for my English.

I have managed to modify the ievo firmware (2.3) so that it will let the user switch to DSi mode from a DSL. It might be really useful for 3DS or new firmware DSi that can't run the DSL mode any more to make this task.
Before doing anything, please read the following instructions carefully:
* use the nds file only to switch ievo into DSi mode and nothing else!
* when dsi mode is enabled, you won't be able to use your ievo on DSL anymore, unless you switch back
* it has been tested only on a DSL and ievo bootstrap 1.1 EUR. There is a high probability it works on US region also, but not tested.
* the region test (ievo region == dsi/3ds region) has been disabled, so check your ievo region!
* use it at your own risk... (but it worked perfectly on my ievo...)

This is an ievo firmware 2.3 dump, repacked into an nds file, with very few modifications in the arm9 code (but there is still, so don't use it for something else than the switch to DSi...).
Instructions:
1) boot your ievo on dsl
2) launch the above nds file as a homebrew
3) As the file is a firmware, an exact display from ievo menu will appear
4) go to settings and select "boot from slot-2" (I was too lazy to change this value)
5) a message will show up saying that you are in DSi mode
6) switch off your DSL, and insert your ievo on a DSi/3DS, and that's it!

I remember this thread on the TC forum, I'm glad to see it reborn here.

Thanks zorgluf!

PS: I told avenir about this thread.

A quote from you when you answered avenir's question on TC forum :

Quoted from zorgluf @ TC Forum:

Here is what reset.mse does (there might be shortcuts if you want to implement it):
* Get the last 4 bytes of boot.ievo
* XOR them with 0x696D6520. The result is an offset (O1) in boot.ievo
* Get the 0x2000 bytes from O1 in boot.ievo: the first 16 bytes are an RC4 seed that can decrypt the other 0x1FF0 bytes. These bytes are in fact arm binary that can decrypt the boot.ievo file, and that is an implementation of an HC-128 cypher. The key is c15c09d26939def94b2c110d6ffed971.
* Now there are 3 decryptions with the HC-128 cypher. The first one is 0x200 bytes of boot.ievo starting from offset 0x80. The IV used is "\x38\x47\xD9\xEA" + "\xC5\xB9\x99\x45" + "\x71\x62\xC6\xE7" + "\x4F\x20\x42\x0A". It contains some part of the nds header (arm9/7 offset and size) and the next IV.
* The 2nd part is the arm9 loaded at 02294000. It comes from offset 0x280, size 0x99F8C of boot.ievo with IV "\x6D\x78\xEB\xD0" + "\x82\x43\xDF\x63" + "\x80\x0B\xA2\xF0" + "\x05\x49\xA1\x8F"
* The 3rd part is the arm7 loaded at 02292000. It comes from offset 0x9A20C, size 0x784 of boot.ievo with IV "\xB2\xD7\x56\x36" + "\xE1\xF1\x1C\x13" + "\x15\xE0\x6C\xA5" + "\x90\xE9\xF1\x0F"

Since you've managed to get the DSi switch working on DSL systems, is it too far fetched that we can try to move into creating a custom firmware? Or at least open the floodgates for other developers like the AKAIO Team, YSMenu Team, and Wood Team?

Well, I don't feel it's impossible... but almost impossible!
There is a huge difference (at least for me) between just hacking a few bytes to modify some program flow and understanding how everything is working.
From now on, I will try just to understand how ievo is booting from the start using the bootstrap file. Maybe we can change the DSL rom so that the DSL mode would run again...

BTW zorgluf, the first RC4 cipher seems not to be working well here. Do you know why?

Sorry, I made a mistake, the offset for RC4 in the boot.ievo file is:
offset^=0x696D6520
offset-=0x2000

Thank you for the info. But I couldn't find iv_header(3847D9EAC5B999457162C6E74F20420A) in that binary...
If iv_header is defined in bootstrap, we won't need to worry, but they might change iv_header in kernel 2.4...
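
Added example, not part of the thread or anyone's posted code: a sketch of the first stage described above (trailer XOR, the corrected `-0x2000` offset, then RC4 over the 0x1FF0-byte stub) with bounds checks on the trailer. It assumes the trailer is little-endian and that the 16-byte seed is used directly as the RC4 key; `make_sample` and its data are constructed for the demonstration, and the HC-128 stages are not covered.

```python
import struct

XOR_CONST = 0x696D6520  # constant quoted in the thread
STUB_LEN = 0x2000       # 16-byte RC4 seed + 0x1FF0 encrypted bytes
SEED_LEN = 16


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encrypting and decrypting are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def locate_stub(image: bytes) -> int:
    """Start offset of the stub: (trailer ^ XOR_CONST) - 0x2000, bounds-checked."""
    if len(image) < STUB_LEN + 4:
        raise ValueError("image too small to hold stub and trailer")
    (trailer,) = struct.unpack("<I", image[-4:])  # assumption: little-endian
    start = (trailer ^ XOR_CONST) - STUB_LEN
    if start < 0 or start + STUB_LEN > len(image):
        raise ValueError("trailer points outside the image")
    return start


def decrypt_stub(image: bytes) -> bytes:
    """Return the 0x1FF0 decrypted bytes (assumption: seed is the RC4 key)."""
    start = locate_stub(image)
    blob = image[start:start + STUB_LEN]
    return rc4(blob[:SEED_LEN], blob[SEED_LEN:])


def make_sample(plain_stub: bytes, seed: bytes, start: int) -> bytes:
    """Constructed test image: zero padding, seed + encrypted stub, trailer."""
    body = bytes(start) + seed + rc4(seed, plain_stub)
    return body + struct.pack("<I", (start + STUB_LEN) ^ XOR_CONST)
```

A trailer that decodes to an offset outside the file raises `ValueError` instead of slicing garbage, which is the first thing to check when the RC4 output looks wrong.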

I'm assuming that DSL stands for DS Lite so that would also work on the original DS system.

I have the cyclods but mainly for novelty, got a good deal on it. I think I'd rather wait for an official release since I don't use this card. But are you saying that it locks you into DSi mode if you just update it and plug it into a 3DS? That would suck since DSi mode causes most games to freeze up.

Imo this is the most crude card in my collection so I wasn't really expecting DSi mode to work quite right. But it would be good to see more emphasis put on keeping that working and updating/fixing it more from the main team.

Hopefully they'll have DSi mode fully taken care of some day but I'm sure people are wanting to move into 3DS now.

when you put the ievo into a dsphat/dslite it boots into ds mode. the issue was that people who were in this mode could not switch back to dsi-mode if they had a dsphat/lite, an updated dsi, or an updated 3ds. this fix allows them to force the dsi-mode switch on a dsphat/dslite and then use the card in their updated dsi/3ds. so to answer your questions, yes it will work the same in the dsphat, as the hack is only mode dependent not system dependent.

the dsi still has a lot to offer, in regards to homebrew. the problem is that we do not have a usable, workable, affordable, and updated solution. users aren't going to drop the $45-55 on the ievo knowing that its basically a ds-mode flash kit with dsi-mode homebrew support. if there was a $10-20 solution i think we would see an increase in dsi-mode homebrew.

right now only alekmaul and elhobbs are embracing dsi-mode. the other projects are either proof of concept or recompiled for ievo support. i wish it wasn't this way but i'm afraid it will stay this way. i don't expect another team to use the wintermute exploit on a flash kit and i don't expect cyclops to start fixing the bugs. i'd love it if they came back with a huge update but i'm starting to think they have moved on from the ds scene.

Hi, can anyone make it clear to me, so the CycloDS iEVOLUTION flashcard can work on DSi V1.43 and 3DS V2.1.0-4 now? Good news!

lol, yes, I have just tested the ievolution on the 3ds 2.1.0-4U of my friend, it can work well on dsi mode by your "boot-unpack-mod.nds".
Thanks a lot. If anyone has questions, they can also contact me.

The iEvo works on the DSi 1.4.3 and 3DS 2.1.0-4, but it sure doesn't work like every other flashcart works. In other words, it doesn't have WiFi and a lot of games have compatibility problems regarding some old and new games in DSi mode. You can make the games work on it, but it won't help with newer game compatibility and such... Also the enhanced menu may not be accessible on all games in DSi mode regardless how old or new the game is. So technically you have a partially working cart. Hopefully we get a real update for the cart in the next few days